[SERVER-35212] URI connection does not default to admin database when no authSource is specified Created: 24/May/18  Updated: 29/Oct/23  Resolved: 16/Nov/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.6.1
Fix Version/s: 3.6.10, 4.0.5, 4.1.6

Type: Bug Priority: Major - P3
Reporter: Kamil Dziedzic Assignee: Tyler Kaye
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Duplicate
duplicates SERVER-27655 Redact echoed mongo shell URIs Closed
Problem/Incident
causes SERVER-35768 gssapiServiceName URL parameter does ... Closed
Backwards Compatibility: Minor Change
Backport Requested:
v4.0, v3.6
Sprint: Platforms 2018-07-16, Platforms 2018-07-30, Platforms 2018-08-13, Platforms 2018-08-27, Platforms 2018-09-10, Service Arch 2018-10-22, Service Arch 2018-11-05, Service Arch 2018-11-19
Participants:

 Description   

https://docs.mongodb.com/manual/reference/connection-string/
Documentation states:

/database Optional. The name of the database to authenticate if the connection string includes authentication credentials in the form of username:password@. If /database is not specified and the connection string includes credentials, the driver will authenticate to the admin database.

3.4, correct:

kdz-mbp:mongodb kdz$ mongo --version
MongoDB shell version v3.4.14
git version: fd954412dfc10e4d1e3e2dd4fac040f8b476b268
OpenSSL version: OpenSSL 1.0.2o  27 Mar 2018
allocator: system
modules: none
build environment:
    distarch: x86_64
    target_arch: x86_64
kdz-mbp:mongodb kdz$ mongo "mongodb://admin:__secret__@cluster0-shard-00-00-gc2qe.mongodb.net:27017/admin?ssl=true"
MongoDB shell version v3.4.14
connecting to: mongodb://admin:__secret__@cluster0-shard-00-00-gc2qe.mongodb.net:27017/admin?ssl=true
MongoDB server version: 3.6.4
WARNING: shell and server versions do not match
MongoDB Enterprise Cluster0-shard-0:SECONDARY>
bye
kdz-mbp:mongodb kdz$ mongo "mongodb://admin:__secret__@cluster0-shard-00-00-gc2qe.mongodb.net:27017/?ssl=true"
MongoDB shell version v3.4.14
connecting to: mongodb://admin:__secret__@cluster0-shard-00-00-gc2qe.mongodb.net:27017/?ssl=true
MongoDB server version: 3.6.4
WARNING: shell and server versions do not match
MongoDB Enterprise Cluster0-shard-0:SECONDARY>
bye

However this seems to be broken in 3.6 client

kdz-mbp:mongodb kdz$ mongo --version
MongoDB shell version v3.6.5
git version: a20ecd3e3a174162052ff99913bc2ca9a839d618
OpenSSL version: OpenSSL 1.0.2o  27 Mar 2018
allocator: system
modules: none
build environment:
    distarch: x86_64
    target_arch: x86_64
kdz-mbp:mongodb kdz$ mongo "mongodb://admin:__secret__@cluster0-shard-00-00-gc2qe.mongodb.net:27017/admin?ssl=true"
MongoDB shell version v3.6.5
connecting to: mongodb://cluster0-shard-00-00-gc2qe.mongodb.net:27017/admin?ssl=true
MongoDB server version: 3.6.4
MongoDB Enterprise Cluster0-shard-0:SECONDARY>
bye
kdz-mbp:mongodb kdz$ mongo "mongodb://admin:__secret__@cluster0-shard-00-00-gc2qe.mongodb.net:27017/?ssl=true"
MongoDB shell version v3.6.5
connecting to: mongodb://cluster0-shard-00-00-gc2qe.mongodb.net:27017/?ssl=true
MongoDB server version: 3.6.4
2018-05-24T20:44:33.789+0200 E QUERY    [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1608:20
@(auth):6:1
@(auth):1:2
exception: login failed



 Comments   
Comment by Githook User [ 20/Nov/18 ]

Author:

{'name': 'Tyler Kaye', 'email': 'tyler.kaye@mongodb.com', 'username': 'tkaye407'}

Message: SERVER-35212: Refactor shell code to enable default authentication database as admin

(cherry picked from commit ddcf9f0572755a456632d036744276a09baf5760)
Branch: v3.6
https://github.com/mongodb/mongo/commit/5da6692ca9c2475efcdc75909c60b094e760920f

Comment by Githook User [ 19/Nov/18 ]

Author:

{'name': 'Tyler Kaye', 'email': 'tyler.kaye@mongodb.com', 'username': 'tkaye407'}

Message: SERVER-35212: Refactor shell code to enable default authentication database as admin

(cherry picked from commit ddcf9f0572755a456632d036744276a09baf5760)
Branch: v4.0
https://github.com/mongodb/mongo/commit/a51c150ae5eff8240e2fcc2f6f1e09b9a296f1a2

Comment by Githook User [ 14/Nov/18 ]

Author:

{'name': 'Tyler Kaye', 'email': 'tyler.kaye@mongodb.com', 'username': 'tkaye407'}

Message: SERVER-35212: Refactor shell code to enable default authentication database as admin
Branch: master
https://github.com/mongodb/mongo/commit/ddcf9f0572755a456632d036744276a09baf5760

Comment by Nick Brewer [ 18/Jun/18 ]

arvenil

Thanks for your report - I've managed to recreate this issue on our end, and I've passed this along to our platform team.

Regards,
Nick

Generated at Thu Feb 08 04:39:10 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.